NSA, GCHQ Theft Of SIM Crypto Keys Raises Fresh Security Concerns

News that the U.S. National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ) reportedly stole encryption keys used in SIM cards manufactured by Gemalto is sure to reignite major concerns over the surveillance tactics employed by two of the world’s largest spy agencies.

The Intercept reported yesterday that documents provided to the paper by Edward Snowden showed the NSA and GCHQ collaborated on a project to break into Gemalto’s networks and steal SIM encryption keys, which are used to protect the privacy of cellphone conversations and text communications.

The $2.7 billion Netherlands-based Gemalto supplies SIM chips used widely in mobile products from AT&T, Verizon, T-Mobile, Sprint and more than 400 wireless service providers around the world. Its chips are also used in bankcards, access cards, passports and identity cards around the world.

The stolen keys give the two agencies a way to intercept and monitor cellphones without the need for a warrant or a wiretap, and without leaving any trace on the wireless service provider’s network, the Intercept report said. The bulk key theft would also allow the two agencies to decrypt any communications that were previously encoded using the associated SIM cards.

Gemalto itself appears to have been totally unaware of the carefully staged operation to break into its networks and steal the encryption keys. According to the Intercept, Snowden’s documents show that GCHQ, with help from the NSA, methodically targeted and mined the private communications of employees at Gemalto and elsewhere to find a way to the data they wanted.

As part of the operation, GCHQ planted malware on Gemalto’s networks to gain what appears to have been complete remote access to its systems. GCHQ also targeted systems used by network engineers and those used by sales and marketing teams at various unnamed cellular companies. In addition, the spy agency penetrated authentication servers at several telecom companies to allow it to decrypt data and voice communications of targeted individuals. The intelligence agencies accessed email and Facebook accounts of engineers and other employees as part of an elaborate effort to find a way to lift encryption keys in bulk.

SIM encryption keys, known individually as a “Ki”, basically give telecom carriers a way to authenticate a mobile device on the network. SIM card manufacturers like Gemalto provide mobile carriers with a copy of the keys used in the SIM cards installed on mobile devices in their networks. When a phone joins the network, the key on the device is checked against the copy of the key stored by the carrier as part of the authentication process.

GCHQ in partnership with the NSA established a Mobile Handset Exploitation Team (MHET) in 2010 to find exploitable vulnerabilities in cellphone technologies, the Intercept reported. One of its missions apparently was to break into the networks of SIM card manufacturers like Gemalto and that of wireless service providers to steal the encryption keys that are used to protect cellphone communications on 3G, 4G and LTE networks. The agencies saw the keys as providing them with an easy way around local and international laws governing surveillance of cell phone communications.

Jonathan Sander, strategy and research officer for STEALTHbits Technologies, likened the methods employed by the two agencies to those used by hackers working for criminal gangs. But it's quite likely that most governments are benefitting from the work being done by the NSA and GCHQ and are therefore unlikely to want to do anything about it, he says.

“Even if they are upset, there’s not much they can do. The information technology infrastructure we all participate in is simply too vulnerable to be protected against well funded people with intent to get information they aren’t supposed to have," Sander says.

The stolen keys not only allow the agencies to decrypt protected phone communications but also to deploy malicious Java applets or to send rogue SMS messages from fake cell towers, according to Craig Young, senior security researcher at Tripwire.

“Knowledge of security keys used in SIM cards can have wide reaching consequences,” he said via email. “As prior research has described, SIM cards are much like little computers with the ability to run applications at a lower level than the phone’s operating system.” Those with access to the keys can launch sophisticated man-in-the-middle attacks against properly authenticated cellphones, he said.

Jeremy Linden, a senior security product manager at Lookout, says news like this shows why end-to-end encryption is the way to go. “The hack on SIM cards doesn't extend to applications that use their own forms of encryption,” Linden said in emailed comments.

“Encrypted messaging apps and other forms of encrypted communications will help you steer clear of prying eyes.”

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

all this hacking should elicit a response rather than a concern. Get GnuPG: generate your own key.

on x.509 certificates: A "Certificate Authority" should be good enough only for marginal trust. Use your copy of GnuPG to countersign your certificate for your Credit Union, Amazon, Tax Software and the like

security is not something that can be distributed by commercial interests: you have to roll up your sleeves, get your boots on and get to it.

it won't be that hard to set up help centers in the credit unions, schools, and such, but: if we continue as we have recently, hacking will be worse in 2015 -- and it has already gone beyond the tipping point. it's unacceptable. hacking can no longer be swept under the carpet as "part of the cost of business"

start by getting rid of products that do not put security and privacy first.
